On Thu, 6 Jun 2019 01:19:56 +0100, "Apd" wrote:
>"Paul" wrote:
>> When you look at the klr.enc1 files, what's the first
>> thing you notice? There's a couple of groups of 0xCF hex
>> bytes. "Real" encryption would have high entropy.
>> This smells funny...
>>
>> CF CF CF CF CF CF CF CF CF CF CF CF
>
>It smells like spaces!
>
>XOR the base64 with 0xEF and you have plain text with a single
>linefeed terminating each line. It's an XML report. Here's a line from
>your second example, krdeicar.txt (wrapped for ease of reading):
>
>
> Object="@Filesystem[65ba0377-31a7-52e4-8e5b-5415b3a73f12]/Downloads/EICARAntiVirusTestFile.com"
> Info="EICAR-Test-File" />
>
Thanks for that. You must dream in hex, as I did 2 decades
ago. Alas, all I dream about now is staying alive.
Simple XORing. Who would have guessed?
Too hard for me to figure out without your help. I will now
write a little program in Free Pascal or maybe 16-bit assembler to
automate the process, unless you can recommend freeware (no online
datamining stuff) that does it automatically?
TIA
[]'s
PS TY too Paul
--
Don't be evil - Google 2004
We have a new policy - Google 2012
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
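
The decoding discussed in this thread, as an added example that is not part of the original posts: it measures the low entropy Paul points out, recovers the single-byte XOR key by assuming the most frequent byte is an obfuscated space (0xCF = 0x20 XOR 0xEF), and prints the plain text. The function names and the sample report are constructed for illustration, and it assumes the base64 wrapper is decoded before the XOR is applied.

```python
import base64
import math
from collections import Counter

def shannon_entropy(blob: bytes) -> float:
    """Bits per byte; well-encrypted data sits close to 8.0."""
    counts = Counter(blob)
    return -sum(c / len(blob) * math.log2(c / len(blob)) for c in counts.values())

def guess_xor_key(blob: bytes, expected_common: int = 0x20) -> int:
    """Assume the most frequent byte is an obfuscated space (0x20)."""
    if not blob:
        raise ValueError("empty input")
    most_common_byte, _ = Counter(blob).most_common(1)[0]
    return most_common_byte ^ expected_common

def xor_bytes(blob: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in blob)

def decode_report(data: bytes, is_base64: bool = True):
    """Return (key, text). Assumption: base64 is stripped first, then XOR."""
    raw = base64.b64decode(data) if is_base64 else data
    key = guess_xor_key(raw)
    return key, xor_bytes(raw, key).decode("utf-8", errors="replace")

# Constructed sample: an XML-like report obfuscated the way the thread describes.
CONSTRUCTED_PLAINTEXT = (
    b'<Report>\n'
    b'    <Event Object="C:/Downloads/sample.com"\n'
    b'           Info="EICAR-Test-File" />\n'
    b'</Report>\n'
)
CONSTRUCTED_RAW = xor_bytes(CONSTRUCTED_PLAINTEXT, 0xEF)
CONSTRUCTED_SAMPLE = base64.b64encode(CONSTRUCTED_RAW)

if __name__ == "__main__":
    print(f"entropy: {shannon_entropy(CONSTRUCTED_RAW):.2f} bits/byte")
    key, text = decode_report(CONSTRUCTED_SAMPLE)
    print(f"key: 0x{key:02X}")
    print(text)
```

If the most frequent plaintext byte in a given file is not a space, pass a different `expected_common` to `guess_xor_key`.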